Jihan Ferfess

Marseille

Summary

Cybersecurity professional with demonstrated history of safeguarding digital assets and ensuring compliance with security policies. Known for fostering collaborative team environments and delivering results under pressure. Specializes in risk management and application security, with consistent focus on adaptability and reliability.

Overview

7 years of professional experience
1 Certification

Work History

Cybersecurity Manager

Deloitte
09.2024 - Current

Application security & secure development lifecycle:

  • Conducted analysis of existing SDL processes to identify weaknesses in threat modeling, secure code reviews, automated testing, and security tooling integration.
  • Investigated Memory Safety issues (CWE/CVE) impacting OT products, identifying root causes, and proposing security enhancements to mitigate vulnerabilities escaping SDL processes.
  • Analyzed existing solutions and best practices covering tools, process and people, including runtime protection mechanisms such as RunSafe’s loadtimefunction, memory-safe coding practices, and memory tagging technologies to address memory safety risks.

IT transformation:

  • Define and formalize security policies, dashboard definitions, and indicator monitoring
  • Global project management for IT programs requiring transverse coordination

Physical Security:

  • Global project management for physical access control management program
  • Coordinated a partnership and learning program between Deloitte and various physical security vendors such as Milestone, Nedap, Legic, Idware, etc.

Senior Cybersecurity Consultant

Deloitte
11.2022 - 09.2024

IT and compliance audits

  • Evaluation of cybersecurity maturity/compliance based on recognized standards and regulations (ISO 27001, Arrêté du 14 septembre 2018)
  • Conduct of IT and cybersecurity audits for the IT service center of a large international group (NIST, ISO 27001, ITIL)
  • Evaluate access control and segregation of duties (SoD) for critical applications such as mainframe and SAP.
  • Review existing access provisioning and deprovisioning processes to identify gaps and recommend improvements for better security and efficiency
  • Emergency access management and continuous controls reporting

Senior Cybersecurity Consultant

Ernst & Young (EY)
05.2021 - 09.2022

Risk Analysis and ISMS Implementation:

  • Risk Analysis and Compliance Projects: Conducted digital risk analysis and treatment following EBIOS RM method.
  • Conducted comprehensive digital risk analysis and risk treatment using EBIOS RM method, identifying and prioritizing risks to establish appropriate security measures.
  • Prepared Information Security Management System (ISMS) certifications for a French agency, following the DISSIP framework established by the French Ministry of Interior, to ensure regulatory compliance and robust security posture.
  • Monitored and tracked action plans stemming from security audits and risk analysis, ensuring timely implementation of corrective measures and alignment with best practices.
  • Implemented ISMS with focus on continuous improvement for Public Key Infrastructure (PKI) security, enhancing protection and validation processes for secure documents such as passports and ID cards.

Data Privacy:

  • Conducted Data Protection Impact Assessments (DPIAs) to assess compliance with GDPR requirements, ensuring data protection principles were integrated into new solutions and processes.

Cybersecurity Consultant

Capgemini
04.2018 - 04.2021

Email Protection - DMARC:

  • Managed and led a DMARC change management program, which helps organizations reduce email misuse such as spam and phishing by providing a deployment and monitoring solution for email authentication issues.
  • Investigated and documented an inventory of legitimate email sending domains and third-party tools.
  • Secured all legitimate email sending domains by implementing SPF and DKIM protocols for authenticating emails sent from legitimate sources and blocking all illegitimate domain use.

Data Privacy - GDPR:

  • Assessed Privacy by Design and Privacy by Default principles across client's BUs to ensure continuous and complete alignment with GDPR requirements, including legitimacy principles and cross-border data transfer regulations.
  • Evaluated and documented initial privacy assessments (IPA), legitimate interest assessments (LIA), and internal data transfer agreements in alignment with GDPR requirements.

Business Continuity Plan:

  • Implemented Business Continuity Plan (BCP) for 10 critical business areas, establishing recovery strategies and response procedures for effective disaster recovery.
  • Documented BCP strategy for a food and transport company covering all critical activities and IT structure.

IAM Project management:

  • Managed and monitored the implementation progress of multiple Identity and Access Management (IAM) project roadmaps, including CyberArk and Ping ID.
  • Conducted regular reviews and audits of IAM policies and procedures to identify areas for improvement.

Education

Executive Program For New Managers - Leadership

HEC Paris
Paris - France
05-2025

Specialized Masters (MS) - Expert in Management Control, Audit, and Information Systems Management

Skema Business School
Paris - France
01.2018

Computer Engineering - Information Systems

National School of Applied Sciences (ENSA)
Tetouan - Morocco
01.2016

LANGUAGES

English
French
Arabic

LINKS

LinkedIn: https://www.linkedin.com/in/jihan-f-36baaa110/

Certification

  • EBIOS RM
  • AEOS Configuration Level 1
  • Netvision Param Hyberviseur

